In networked computer deployments, users of client computers are required to authenticate themselves to server computers for applications such as electronic mail, accessing privileged or confidential information, purchasing goods or services, and many other electronic commerce transactions. When the information involved is of relatively low value, it may be sufficient for the user to authenticate himself with a simple password. However, when the information is of high value, or when the data network is unsecured, simple passwords are insufficient to control access effectively. For example, when computers are accessed across the Internet, passwords are easy to capture by filtering packets as they traverse the network. Alternatively, passwords can be guessed or "cracked" by intelligent trials, since passwords are often six or fewer characters. In brief, the convenience of passwords makes them easy to break--if they are sufficiently easy for the user to remember, they are sufficiently easy for the hacker to guess.
To overcome the insecurity of the password, alternative technologies have been developed. One such technology is asymmetric key cryptography. In this technology, each user has two keys, a private key and a public key. The user performs a cryptographic operation (e.g., an encryption or a digital signature) on a digital quantity using his private key, such that the quantity may be authenticated by a verifier having access only to the user's public key. The private key therefore serves as the user's authentication credential. That is, the verifier need not know the user's private key in order to authenticate the user. Because the public key may be widely disseminated while the private key remains confidential, strong authentication is provided with enhanced security. Private keys are generally too long and complex for the user to memorize, and are therefore usually stored in software or hardware tokens, and interfaced with computers prior to use.
One such software token is the so-called software wallet, in which the private key is encrypted with a password or other access-controlled datum. In such software wallets, an intruder is not deterred from repeatedly trying passwords, in an exhaustive manner, until he recovers the private key. This poses analogous security risks to the simple password schemes described above. In addition, the software wallet is stored on a user's computer, which may be inconvenient if the user needs to freely roam from one location to another.
In contrast to software wallets, hardware tokens such as smart cards are more secure, and can be conveniently carried as the user roams. In a typical hardware smart card, the private key is stored in hardware, and protected by a watchdog chip that allows the user to access the private key, should he enter the correct password that unlocks the smart card. The smart card can even be configured so that, if a hacker attempts to guess passwords, the card locks up after a small number of successive missed attempts. The disadvantages of hardware token are: (1) roaming is restricted to locations where the appropriate token reader hardware is installed; (2) hardware tokens are expensive in contrast to software tokens; (3) hardware tokens must be physically carried wherever the user wishes to roam; and (4) hardware tokens are often lost, misplaced, or stolen.
Thus, while hardware token systems offer increased security, they have several disadvantages compared to software based systems. It would, therefore, be desirable to have a system that combines the best features of both hardware and software based systems.